Organizations today are taking great strides when it comes to innovation, but unfortunately security and governance continue to lag behind. One recent study revealed that, although the DevOps ratio is now 10:1, the DevSec ratio is still 100:1. We need to understand what’s causing this gap and what actions we can take to bridge it.
Earlier this year, Sonatype put together an article looking at what enterprises can do to bridge the gap between software developers, IT operations, and security. We’ve summarized their thoughts here, but we encourage you to read the full article if you would like to learn more.
Understanding the Gaps in Dev(Sec)Ops
It’s important to reinforce that day-to-day security measures, like checking for third-party vulnerabilities and responding to incidents, aren’t the cause for concern. Instead, the gaps tend to appear in areas such as the hacker mindset (proactively searching for new possible attack vectors) and in tasks like in-depth risk analyses and threat models, all of which play key roles in enabling enterprises to create robust, holistic security architectures.
Two Models for Addressing the Problem
1. Fully Shared Responsibilities
This framework calls for each development team to integrate at least one T-shaped individual (someone capable of many things and an expert in one) who specializes in security. This person needs to be able to translate security threats into actionable items that their team can implement and communicate concerns in ways business owners and leaders will understand.
Keep in mind that the security-focused person shouldn’t be allocated all of the security work; otherwise, the silo will simply be transformed from a macro one (where there’s a distinct security team) to a micro one (where there is an isolated team member). Over time, the job of doing security analyses should be spread throughout the team so that the T-shaped person can stay on top of best practices, find new tools and methods, facilitate workshops, and ultimately lead security strategy.
The Final Word
A fully shared responsibilities model is often ideal for companies with cross-functional, autonomous teams that each work on products or services with very different risk profiles. Spotify is one of the largest and highest-profile companies to have adopted this approach.
2. Security as an Enabling Team
In this model, a central security team supports multiple product development teams, getting involved from day one of a project to make sure they can provide security-specific feedback at each stage of the process. An important caveat here is that the security team shouldn’t actually perform analyses or implementations. They should simply promote best practices and provide guidance on which other teams can act.
Switching to the security-as-an-enabling-team model can sometimes be an easier transition for enterprises because it doesn’t require the same degree of structural change that a fully shared responsibilities model does. Ultimately, the biggest challenge with this approach tends to be making the shift without confusion or regression.
The Final Word
This approach works well for companies that have a smaller number of teams to begin with, especially if those teams (or members of them) have a pre-existing interest in security. Enterprises that have taken this approach include Sportradar.
Evolve Teams to Suit Changing Security Needs
Remember that team design shouldn’t be static. The best fit for you today might get in the way of better, faster developments tomorrow, which is why you need to be prepared to adapt as your organization grows.
iTMethods helps companies accelerate software delivery capabilities through their Cloud-native DevOps SaaS Platform. The Enterprise SaaS offering features a toolchain catalog comprised of best-of-breed DevOps tools including CloudBees Jenkins, GitHub, Atlassian, Sonatype, and many more. These tools are deployed to each customer’s specific requirements, including security, scalability, and 24/7 customer support. Learn more at itmethods.com.